<?php
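	// Access gate: only a session whose 'access' value is exactly "0" may use
	// this page; every other request is redirected to HTTP_SERVER.ADMIN_DIR.
	// The check fails closed: a missing key, a non-scalar value, or anything
	// that does not stringify to "0" (including boolean false, which the old
	// loose != '0' comparison let through) is redirected.
	if(!isset($_SESSION['access']) || !is_scalar($_SESSION['access']) || (string)$_SESSION['access'] !== '0') {
		header("Location: ".HTTP_SERVER.ADMIN_DIR);
		// Stop here: without exit the rest of the script (including the
		// UPDATE handlers below) would still run for the redirected client.
		exit;
	}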
	
	// Status markup for the details form and the password form; both start empty.
	$det_msg = "";
	$pass_msg = "";

	// Details form: runs when the submit button posted the value 'Update'.
	if(isset($_POST['submit'])) {
		if($_POST['submit']=='Update') {
			// NOTE(review): SQL injection. The three $_POST values and the session
			// username are concatenated straight into the statement, so a quote in
			// any of them changes the query. This needs bound parameters (or the
			// driver's own escaping) from the $db wrapper; its API is not visible
			// in this file, so the statement is left as written.
			// NOTE(review): no anti-CSRF token is checked in the visible code and
			// the result of Query() is not inspected before reporting success;
			// confirm both against the including page and the wrapper.
			$db->Query(
				"UPDATE member SET name='".$_POST['name']
				."', email='".$_POST['email']
				."', contact_tel='".$_POST['tel']
				."' WHERE username='".$_SESSION['loggedin']."';"
			);
			$det_msg = "<span class='success'>Update Successfull</span>";
		}
	}

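	// Password form: runs when the submit button posted 'Change Password'.
	// $old_pass / $new_pass / $confirm_pass are always defined afterwards:
	// empty unless the confirmation check failed, in which case they keep the
	// submitted values.
	if(isset($_POST['submit']) && $_POST['submit']==='Change Password') {
		// A missing field or a non-string one (e.g. passwd[]=x arrives as an
		// array) is treated as "" so it never reaches crypt() as a non-string.
		$old_pass = (isset($_POST['old_passwd']) && is_string($_POST['old_passwd'])) ? $_POST['old_passwd'] : "";
		$new_pass = (isset($_POST['passwd']) && is_string($_POST['passwd'])) ? $_POST['passwd'] : "";
		$confirm_pass = (isset($_POST['passwd2']) && is_string($_POST['passwd2'])) ? $_POST['passwd2'] : "";

		// Strict comparison: with == PHP compares numeric-looking strings by
		// value ("1e3" == "1000"), so a mistyped confirmation could be accepted.
		if($new_pass === $confirm_pass) {
			// NOTE(review): no length or strength rule is applied here, so an
			// empty new password is passed on; confirm whether that is intended.
			$pass_msg = changePassword($old_pass, $new_pass, $confirm_pass);
			$old_pass = $new_pass = $confirm_pass = "";
		} else {
			$pass_msg = "<span class='error'>Password confirmation is not the same as the new password</span>";
			// The submitted values stay in $old_pass / $new_pass / $confirm_pass.
			// NOTE(review): these are raw request values; if the page prints them
			// back into the form they must be HTML-escaped at output - confirm.
		}
	} else $old_pass = $new_pass = $confirm_pass = "";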

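	/**
	 * Change the logged-in member's password after verifying the current one.
	 *
	 * Reads the stored hash for $_SESSION['loggedin'], compares it with
	 * crypt($oldpasswd, SALT) and, on a match, stores crypt($passwd, SALT).
	 *
	 * NOTE(review): every password is hashed with the same SALT constant.
	 * Moving to password_hash()/password_verify() would need the stored
	 * hashes migrated, so the scheme is left unchanged here.
	 * NOTE(review): the session username is concatenated into both SQL
	 * statements; the $db wrapper's parameter binding (not visible in this
	 * file) should be used instead.
	 *
	 * @param string $oldpasswd Current password as entered by the user.
	 * @param string $passwd    New password.
	 * @param string $passwd2   Confirmation of the new password; not used in
	 *                          this function.
	 * @return string "" on success, otherwise an HTML error span.
	 */
	function changePassword($oldpasswd, $passwd, $passwd2) {
		global $db;
		$denied = "<span class='error'>Incorrect Old Password</span>";

		// crypt() only accepts strings; refuse anything else up front.
		if(!is_string($oldpasswd) || !is_string($passwd)) return $denied;

		$db->Query("SELECT password FROM member where username = '" . $_SESSION['loggedin'] . "'");
		// Start from null so "no matching row" is detectable instead of
		// leaving $old_pw undefined.
		$old_pw = null;
		while($db->getRow()) $old_pw = $db->access[0];
		if($old_pw === null) return $denied;
		$old_pw = (string)$old_pw;

		// crypt() reports failure with a string shorter than 13 characters;
		// such a value must never be accepted as a match or stored as a hash.
		$candidate = crypt($oldpasswd, SALT);
		if(strlen($candidate) < 13) return $denied;

		// hash_equals() (PHP 5.6+) compares in constant time.
		if(!hash_equals($old_pw, $candidate)) return $denied;

		$new_hash = crypt($passwd, SALT);
		if(strlen($new_hash) < 13) return "<span class='error'>Password could not be updated</span>";

		$db->Query("UPDATE member SET password='".$new_hash."' WHERE username = '" . $_SESSION['loggedin'] . "';");
		return "";
	}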

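	// Load the logged-in member's row for display.
	// NOTE(review): the session username is concatenated into the statement;
	// use the $db wrapper's parameter binding (not visible in this file).
	$db->Query("SELECT * FROM member WHERE username = '".$_SESSION['loggedin']."';");
	if($db->getRow()) {
		// SELECT * with positional indexes depends on the table's column
		// order; a schema change silently shifts these fields.
		$username = $db->access[1];
		$name = $db->access[3];
		$email = $db->access[4];
		$tel = $db->access[5];
	} else {
		// No matching row: define whichever display variables are still
		// unset so later code does not read undefined variables.
		if(!isset($username)) $username = "";
		if(!isset($name)) $name = "";
		if(!isset($email)) $email = "";
		if(!isset($tel)) $tel = "";
	}
	// NOTE(review): these values come from the database unescaped; wherever
	// they are printed they need htmlspecialchars() for the HTML context -
	// the output code is outside this view, confirm there.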

?>